Last Updated: January 5, 2025
Introduction
At Tether Supervision, we are dedicated to safeguarding the confidentiality, integrity, and availability of the data we process. This includes Protected Health Information (PHI), Personally Identifiable Information (PII), and other sensitive customer data. This Information Security Policy outlines our approach to data protection, regulatory compliance, and secure service delivery, ensuring transparency and trust with our partners, customers, and users.
1. Scope
This policy applies to all employees, contractors, and vendors who access Tether Supervision’s systems, networks, and data. It governs all data storage, transmission, and processing activities conducted through our platforms and technology partners, including digital, physical, and verbal communication.
2. Data Protection Measures
Tether Supervision implements rigorous technical and administrative controls to protect sensitive data:
Encryption: All data in transit is encrypted using TLS 1.3 or higher. Data at rest is encrypted with industry-standard AES-256 encryption.
Access Controls: Access to systems and data is role-based and adheres to the principle of least privilege. Multifactor authentication (MFA) is enforced for privileged accounts.
Data Retention and Deletion: Data is retained only as necessary to meet business or legal obligations. Upon contract termination, data is securely deleted following applicable regulations.
3. Compliance
Tether Supervision complies with all relevant regulatory frameworks, including:
HIPAA and HITECH: We ensure PHI protection through signed Business Associate Agreements (BAAs) with subcontractors such as Google Workspace and Zoom.
State and Local Regulations: We adhere to applicable data protection laws where services are provided.
4. Risk Management
Tether Supervision employs robust risk management practices to mitigate potential threats:
Incident Response: We maintain a documented Incident Response Plan to address and resolve security incidents promptly.
Third-Party Security: All subcontractors and vendors sign Business Associate Agreements (BAAs) that outline their responsibility for compliance and data protection.
5. Security Awareness and Training
All employees and contractors receive regular training on cybersecurity best practices, regulatory compliance, and Tether Supervision’s internal policies. Training programs are updated to reflect new threats and industry standards.
6. Monitoring and Audit
Systems are continuously monitored for unauthorized access, suspicious activities, and potential vulnerabilities. Audit logs are maintained to track access to sensitive data, including who accessed it, when, and for what purpose. Periodic reviews of logs and policies ensure compliance and the effectiveness of our security controls.
7. Physical and Cloud Security
Physical Security: Tether Supervision does not maintain on-premises servers. Data is securely stored in cloud platforms provided by Google Workspace and Zoom under BAAs, in compliance with HIPAA regulations.
Cloud Security: Primary and backup data are hosted in secure, geographically diverse data centers managed by these partners.
8. Customer and Partner Engagement
We prioritize transparency and collaboration with customers and partners:
Providing relevant documentation, such as SOC 2 reports from Google Workspace.
Addressing security-related inquiries and ensuring open communication about our practices.
9. Policy Review and Updates
This policy is reviewed annually or as needed to reflect changes in regulatory requirements, industry standards, or organizational practices.
Contact Information
For questions about this policy or additional information, please contact:
Email: security@tethersupervision.com
Phone: +1 (832) 974-0401
Approved By: Sam Beger, Chief Operating Officer
Tether Supervision remains committed to maintaining the highest standards of data protection and regulatory compliance, ensuring the secure handling of sensitive information throughout our operations.